Security has become an important area in the field of network
management. A security management service is responsible for providing
a safe environment for both the operation and management of resources
in a domain. The security system proposed, called SSCC, aims at
increasing security in telecommunication networks by avoiding frauds
due to cloned mobile phones (i.e., having both the number and series
of a genuine phone).

An abstract specification of the SSCC system, corresponding to a
formalization of the user requirements of SSCC, has been developed
in LOTOS. Then, this specification has been refined in several steps
by defining the structure and behaviour of its various components:
the manager (which is responsible for receiving notifications
and sending alarms to the users) and the set of managed sites
(each of them consisting of a management agent, a reference baseline,
and a file recording the telephone calls).

The CADP toolset has been employed for two purposes. Firstly, CAESAR
and ALDEBARAN have been used to formally verify the correctness of the
refinements, by generating the labelled transition systems (LTSs)
of two successive refinements and compring them modulo observational
equivalence. Secondly, CAESAR has been used to generate C code from
the refined LOTOS specification. This allowed both to establish the
correctness of the LOTOS specification of SSCC (w.r.t. the initial
abstract specification) and to have a prototype of the system in C.
This C code has been helpful later for developing the C++ and JAVA
final implementation of the SSCC system.

Conclusions:

The model-checking techniques employed have been very useful for this
case-study. LOTOS allows a rigorous specification and validation
process, and the CADP toolset provides verification and code generation
facilities that make the development reliable and faster.